Wireless Intrusion Detection Systems (WIDS)




Dragan Pleskonjic, CONWEX
Dragan_Pleskonjic@conwex.net, dragan@empowerproduction.com

Motivation & idea
- Wireless networks are forecast to expand rapidly (Wi-Fi IEEE 802.11a/b/g)
- WLANs offer area coverage and access unlimited by wires, but this implies openness to various attacks
- It is possible that we will have wireless access points everywhere, even in computer chipsets
- Inherent lack of security and experience
- WEP was broken pretty quickly

Wireless vs. wired intrusions
- Wired: physically attached; the intruder / attacker needs to plug directly into the network
- Wireless: the intruder can stay anywhere and intrude unseen
- No exact border between internal and external network => the exact classification into insider and outsider attacks is lost

Wireless vs. wired intrusions (continued)
Sometimes people assume that:
- Host-based systems prevent insider attacks
- Network-based systems prevent outsider attacks
We may not agree with this in practice, but as soon as you add a Wi-Fi signal, the border of defense becomes unclear and not sharply defined.

Some wireless specific attacks
- Unauthorized APs: bogus APs that are designed to steal the association and login credentials
- War driving: probe requests which don't have the ESSID field set in the probe
- Flooding: attempts to flood the AP with associations
- MAC address spoofing
To detect:
- Rogue APs
- Monkey/Hacker JACKS
- Null probes
- Null associations
- Bad MACs, controlled by a MAC black list
- Bad SSIDs, controlled by an ESSID black list
- Floods, etc.
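The detection targets listed on this slide, written as sensor-side rules over one capture window. This is an added example, not code from the presentation or from the WIDS product; the frame field names, the authorized-AP table, the black lists, the flood threshold and the reading of "null association" as an association request with an empty ESSID are all assumptions, and the sample frames are constructed.

```python
from collections import Counter

# Constructed policy values (assumptions for this example, not from the slides).
AUTHORIZED_APS = {"00:11:22:33:44:55": "CorpNet"}  # BSSID -> ESSID it may advertise
MAC_BLACKLIST = {"de:ad:be:ef:00:01"}
ESSID_BLACKLIST = {"FreeWifi"}
FLOOD_THRESHOLD = 5  # association requests allowed per source in one window


def detect(frames):
    """Return sorted (alert, subject) pairs for one capture window."""
    alerts, assoc_count = set(), Counter()
    for f in frames:
        src, kind, essid = f["src"], f["type"], f.get("essid", "")
        if src in MAC_BLACKLIST:
            alerts.add(("bad_mac", src))
        if kind == "beacon":
            if essid in ESSID_BLACKLIST:
                alerts.add(("bad_ssid", essid))
            # One of our ESSIDs advertised by a BSSID not registered for it.
            if essid in AUTHORIZED_APS.values() and AUTHORIZED_APS.get(src) != essid:
                alerts.add(("rogue_ap", src))
        elif kind == "probe_req" and not essid:
            # Wildcard probes also occur in normal active scanning, so this
            # is a low-confidence signal to correlate, not a verdict.
            alerts.add(("null_probe", src))
        elif kind == "assoc_req":
            if not essid:
                alerts.add(("null_assoc", src))
            assoc_count[src] += 1
    for src, n in assoc_count.items():
        if n > FLOOD_THRESHOLD:
            alerts.add(("assoc_flood", src))
    return sorted(alerts)


# Constructed sample window of already-parsed management frames.
SAMPLE_FRAMES = [
    {"type": "beacon", "src": "00:11:22:33:44:55", "essid": "CorpNet"},
    {"type": "beacon", "src": "66:77:88:99:aa:bb", "essid": "CorpNet"},
    {"type": "beacon", "src": "02:00:00:00:00:10", "essid": "FreeWifi"},
    {"type": "probe_req", "src": "02:00:00:00:00:20", "essid": ""},
    {"type": "assoc_req", "src": "de:ad:be:ef:00:01", "essid": "CorpNet"},
    {"type": "assoc_req", "src": "02:00:00:00:00:40", "essid": ""},
] + [{"type": "assoc_req", "src": "02:00:00:00:00:30", "essid": "CorpNet"}] * 6

if __name__ == "__main__":
    for alert, subject in detect(SAMPLE_FRAMES):
        print(f"{alert:12} {subject}")
```

The rogue-AP rule only catches an unregistered BSSID advertising one of the protected ESSIDs; an unauthorized AP using its own ESSID needs wired-side correlation that this example does not model.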

Components and Products
WIDS consists of:
- Agent
- Sensor
- Server
- Console & Management, Reporting Tools
These components should contribute to achieving the intrusion detection and protection goal

System Components Relationship
[Diagram: Internet, router / modem, WIDS Server, WIDS Sensor, Access Point (AP), bogus AP, WIDS Management Console & Reporting Tool, laptops with WIDS Agent]

Related to:
- Firewall software and devices
- Antivirus software
- Network Management Tools
- Other security tools

Schema
[Diagram: WIDS shown together with firewalls, network management & monitoring tools, antivirus software, and other security tools and utilities (encryption, VPN, ...)]

Goal
- To make an efficient system to defend the wireless network
- Define attack and intrusion axioms scope
- Define conclusions mechanisms ("theorems")
- Self-learning system and anticipation: even if we fail to make a fully intelligent system, we can accept some weaker decision points to get the system functional
- Implement attack recognition
- Launch response to defend system or network

Structure
- Neural networks and fuzzy logic
- Self-learning system (AI - artificial intelligence, neural networks, fuzzy logic)
- Automatic answer to intrusions
- Defend against new intrusion types (previously unknown or similar but different)
- Local and global answer on attack (intrusion)
- Wireless specific attacks detection

Approach
- Recognize more attacks
- Autonomy and cooperation of components
- Multidimensional system
- Level of autonomous decision and self-defense
- Resistance and denial of new kinds of intrusions
- Providing two kinds of response: local and global
- Elements of intelligent behavior, etc.

Status
Currently under development
Completed steps:
- Elements for multidimensional concept and axioms scope
- Partially developed components and elements of system
- Product family definition and implementation

Conclusions and future
Further work to be done:
- To define remaining part of system
- To make proof of concept implementation
- To test single components and system overall
- To gain understanding of the need and solution. Example: WIDS Agent as part of Operating System (as personal firewall or antivirus tool)

Questions?
e-mail: dragan@conwex.net

Abstract
Today's wireless networks are vulnerable in many ways (eavesdropping, illegal use, unauthorized access, denial of service attacks, so-called warchalking, etc.). These problems and concerns are one of the main obstacles to wider usage of wireless networks. People are worried about unknowingly exposing their computers to illegal access through the air from an undefined location. On wired networks an intruder can gain access by wire, but on wireless networks he can access your computer from anywhere in the neighborhood. This paper presents a solution to overcome this obstacle. It proposes a WIDS (Wireless Intrusion Detection System) based on client-based IDS agents, their cooperation, and capabilities such as self-learning, autonomy and decision, self-decision and self-defense, including alerting. This is a multidimensional system in development which is intended to cover most of the intrusion vulnerabilities specific to wireless networks. It should work in real time and defend the user, i.e. his computer or system, against the majority of intrusions, regardless of whether they are already known or a new kind of attack. The system is integrated in clients and performs local data collection and filtering, and works as a local detection engine cooperating with neighboring IDS agents (cooperative detection engine). It provides local response and/or global response against intrusion. This system can be coupled with the authentication and air encryption systems proposed by 802.11i (including AES encryption) and 802.1x (EAP and its implementations) for better security. At present there are IDSs, but they are mostly wired-network based and rule/signature based. These systems cannot cope with demanding environments and everyday practice, where new types of attacks keep appearing that are not covered by the signatures present in the IDS, so their efficiency depends on how often signatures / rules are discovered and updated.
The WIDS system, as described here, will require the following components: WIDS Agent, Sensor, Server, and Management & Reporting Tool. These components are the object of analysis.

Additional description
People are worried about unknowingly exposing their computers to illegal access through the air, from an undefined location. On wired networks the intruder can access by wire, but in wireless environments the intruder can access the network from anywhere in the neighborhood. In this paper, solutions to overcome this obstacle are presented... This is a multidimensional system, currently in development. It should work in real-time and defend the user's computer or system against the majority of intrusions, whether they are already known or represent a new kind of attack. The system is integrated with the client, performing local data collection and filtering and working as a local detection engine cooperating with other servers and agents on the network. The client provides local and/or global response to intrusions. At the present time there are IDSs, but they are mostly deployed on wired networks and based on known rules. These systems can't answer the demand in environments where new intrusions are occurring every day. They are limited by current known signatures of intrusions. The WIDS system, as described here, will require Agents, Sensors, Servers, and Management and Reporting tools, and these components are the object of the analysis.